TWO BANKS WEBSITE HACKED
Security firm Sunbelt, which recently discovered that the Bank of India's hacked website was serving dangerous malware, has said the infamous Russian Business Network — an ISP linked to child pornography and phishing — is behind the attack.The service provider in question has developed a notorious reputation, with VeriSign classifying it as "the baddest of the bad" in the ISP world in June 2006.
According to a VeriSign spokesperson, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal".
"A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN," the spokesperson said.
RBN almost exclusively attacks non-Russian financial institutions and its leaders' family ties with a "a powerful St Petersburg politician" effectively offer it immunity from prosecution, the spokesperson added.
Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad.""Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]," said Runald.Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code.
"That page contained links to three other pages on other servers," said Runald. "At the time we started looking into it, two out of three URLs had been taken down. The one remaining was trying to use an exploit from 2006 to affect systems with a Trojan downloader. Once infected, that downloader would go out and download another piece of malware, including other downloaders," said Runald.
The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aide of developing a botnet.
WATCH THE VIDEO HOW HACKERS INFECTED BANK OF INDIA WEBSITE ON 29 AUG 2007
WATCH
THE VIDEO HOW HACKERS HACK HSBC BANK WEBSITE
Orkut: The new danger
Orkut, the online portal, owned by Google finds itself
at the centre of debate. A nineteen-year-old student has
been accused of making a fake account of a girl. Can we
prevent the misuse of this technology by not posting our
numbers and pictures?
ABHISHEK NEVER IMAGINED that the prank he played on his
classmate would land him in jail. Abhishek, a management
student and still in his teens, was arrested by the Thane
police following a girl’s complaint about tarnishing her
image in the public forum - Orkut. The report after being
published in Mumbai Mirror has created a stir among the
Orkutians and opened up a whole new box of debate.
The incident
Abhishek had created a fake account in the name of the
girl with her mobile number posted on the profile. The
profile has been sketched in such a way that it draws
lewd comments from many who visit her profile. The Thane
Cyber Cell tracked down Abhishek from the false e-mail
id that he made to open up the account.
The question
In this case, the girl has not posted her picture or mobile
number in the fake profile. A brief search in the Orkut
profile will reveal many such profiles with pictures of
beautiful girls. My guess is that many of these girls
are not even aware of the fact that their profile exists.
These are created by some other people. I will term this
as “rape of the image”. Now the question is “Can we really
prevent this rape?”
The debate
The Mumbai Mirror’s report on the issue came with tips
to the Orkut users. Police Sub-Inspector Ravindra Chauhan
has been quoted as saying, “Orkut users should not put
up their photographs on the site. They should not reveal
personal information in their profile. Also no cellphone
numbers or identity should be mentioned in the scrap book,
as it is open to all.” But whether this really can be
a way out, is debatable. “What about the hundreds of CVs
I send to the unknown agencies everyday? They even contain
my mobile number”, says Aditi, a DU student and a hardcore
Orkut addict. She does have a point.
The truth is that in today’s world mobile numbers are
far from being personal information. The proof lies in
the numerous sales calls that we receive from credit card
agents. On the issue of the photograph, Aditi says, “When
Orkut gives an opportunity to show your face to the whole
world, then why not?” When asked about the risks involved,
she replied, “Who cares?” But everyone is not as carefree
as Aditi. A brief search in Orkut once more will reveal
profiles that have pictures of film stars, flowers, animals,
sceneries and not the face of the owner. “I will never
put my picture on Orkut profile,” says Mansi, whose profile
in Orkut carries the picture of Aishwarya Rai. “It’s not
safe, anybody and everybody can save it on their computer
and can misuse it.” But here again the question lies -
can we really prevent it? What happens to the hundreds
of passport photographs we send with the application forms
all our life? Any of them can be scanned and put up without
our notice. Are we sure that all copies of the digital
pictures taken at our local photography shop are deleted
after we leave? “I don’t know, but there is no harm in
being careful,” says Mansi.
So perhaps even in this age of globalisation and technical
advancements we will hold ourselves from showing our face
to the entire world for we never know who is misusing
it in what way. And as the lawmakers say “We cannot do
anything, until a complaint is lodged”.
More